USDTHORChain Resumes Trading After $10.7M Vault Exploit
Network Restarts After Shutdown, Vault Checks and Security Upgrades
TL;DR
- THORChain resumed full trading operations after a shutdown tied to a $10.7 million vault exploit.
- The May incident affected one Asgard vault, while five other vaults were reportedly not compromised.
- The restart followed vault verification, node keyshare checks and new security upgrades.
Trade smarter on Jupiter, Solana’s leading DEX built for fast execution and deep liquidity.
Swap tokens at competitive rates, route across multiple liquidity sources automatically, and access perpetuals, DCA, and advanced trading tools — all in one place!
THORChain resumed full trading operations on June 23, 2026, after a shutdown triggered by a May exploit that drained about $10.7 million from one of the protocol’s vaults.
The restart brought back trading, swaps, liquidity provider actions, signing, churning, secured assets and trade assets. THORChain described the return as a security-first recovery rather than a rushed reopening, saying the process prioritized security and stability before normal network functions were restored.
THORChain said: “Trading is live again on THORChain. After more than a month offline, the network is fully back. Signing, churning, secured and trade assets, LP actions, and swaps are all up and running. The world’s leading Bitcoin DEX is open for business once again.”
Exploit Affected One Asgard Vault
THORChain paused trading on May 15 after blockchain investigator ZachXBT and security firm PeckShield flagged a suspected exploit affecting activity across Bitcoin, Ethereum, BNB Chain and Base. The attacker reportedly targeted one vulnerability in one of THORChain’s six Asgard vaults.
The affected vault was the only compromised vault, while the remaining five vaults were reportedly unaffected. The incident still forced developers and validators to halt activity and complete a wider recovery process before users were allowed back into normal trading operations.
Before activity resumed, THORChain said every vault was verified and every node keyshare was checked. The protocol also completed a migration that retired older vault infrastructure, supporting the rollout of enhanced security mechanisms across the network.
Validators approved software upgrades that introduced compromised-vault quarantine functions and additional verification procedures. Node operators, developers and the Maya Protocol team were credited with helping maintain network stability throughout the recovery process.
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
Upgrades and Asset Support Planned After Restart
THORChain said several near-term development items remain ahead after the restart. Native Monero swaps are already working in end-to-end testing, while Zcash support is also planned as part of the next development phase.
The protocol also plans to introduce dynamic fee mechanisms and deepen liquidity. THORChain describes itself as a venue for native cross-chain swaps without wrapping or bridging, with particular importance as a decentralized exchange for native Bitcoin liquidity.
RUNE, THORChain’s native token, reportedly jumped more than 9% to around $0.429 over the prior 24 hours ahead of the restart announcement. COIN360 data showed RUNE trading around $0.421 at the time of writing, near a historical resistance level.
The restart leaves THORChain facing a practical test after the shutdown: whether users and liquidity return after more than five weeks offline, and whether the new vault checks, keyshare verification, quarantine functions and migration work are enough to reduce the risk of another security failure.
FAQ
Why did THORChain pause trading?
THORChain paused trading after ZachXBT and PeckShield flagged a suspected exploit on May 15.
How much was drained?
The exploit reportedly drained approximately $10.7 million from one Asgard vault.
What functions resumed?
Trading, swaps, liquidity provider actions, signing, churning, secured assets and trade assets resumed.
What upgrades were added?
Validators approved compromised-vault quarantine functions and additional verification procedures.
This article has been refined and enhanced by ChatGPT.
